I’ve been having some issues with one of my blogs.
Google reports some of the URLs inside the subdomain as containing badware. The files related to these URLs have been deleted, but it still gives the same error.
I tried correcting the files, deleting them and asking for another review, but Google still shows the same alert, and Webmaster Tools still says the same.
These are the reported URLs:
http://recetas.rpg-bardo.com/nuevo/
http://recetas.rpg-bardo.com/nuevo/bazkf/
http://recetas.rpg-bardo.com/nuevo/bazkf/san-diego-fishing-trip.html
Any idea of how I can fix this?
I’m not sure, but I have the impression that Google trusts fixed pages more than it trusts deleted pages. People have written fairly often about the situation you describe. It is better to fix the pages than to just get rid of them.
You also might have malware on other pages that were not listed in the Google report. The report only shows some of the infected pages, not all of them.
http://www.google.com/safebrowsing/diagnostic?site=http://recetas.rpg-bardo.com/nuevo/bazkf/fly-in-fishing-trip-ontario-canada.html
What happened when Google visited this site? Of the 3 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-05, and the last time suspicious content was found on this site was on 2009-02-05.
Malicious software includes 8 adware(s). Successful infection resulted in an average of 0 new processes on the target machine.
Malicious software is hosted on 6 domain(s), including us-euro-biz/, computerantivirusscanner-com/, bestantispywarescanner-com/.
4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including us-euro-biz/, antispywareliveproscanner-com/, gonesurfing-cn/.
Also check: http://www.google.com/support/forum/p/Webmasters/thread?tid=3e1f0d50a0829c96
It looks like Denis suggested checking your .htaccess files; they might have been modified.
I just found another page that said that the attack happened in 2 places for them. The first was that there was an .htaccess page and an index.html that both had redirects located not in their web root, but in their secure web root folder (https.) This changes for every provider, but of all the sites I’ve found that were affected with these particular baddies they all seemed to be hosted by MZIMA.net:
http://www.google.com/safebrowsing/diagnostic?site=AS:25973
I’m assuming you have an https folder. Remove the index.html and .htaccess file and lock it down with an htusers file.
Hello,
I found two pages that appear to contain malicious code:
http://recetas.rpg-bardo.com/nuevo/bazkf/ontario-canada-fishing-trip.html
http://recetas.rpg-bardo.com/nuevo/bazkf/fly-fishing-trip.html
There is a script on these pages that sources in content from www.upperhits.com. This is what appears to be causing your site to be flagged.
For more information, you can visit this link:
http://www.blacklistdoctor.com/bld/diagnose.php?URL=recetas.rpg-bardo.com/nuevo/&scan_id=314
Let me know if this was helpful!
Good find.
Note that these pages return "404. Page not found" errors.
They also contain hundreds of hidden spam links that are not present when you load the pages in a browser. This is called cloaking.
report for fly-fishing-trip.html
You should remove the malicious code and upgrade your WordPress as soon as possible.
Denis – www.UnmaskParasites.com
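An added example, not part of any post in this thread: Python checks a site owner could run over their own files for the three symptoms the replies mention (scripts sourced from another host, links that appear only in the copy served to a crawler, and .htaccess redirects that lead off the site). It assumes the owner has saved two copies of a page, one fetched with a browser user agent and one with a crawler user agent; all function names, hosts and sample data are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Refs(HTMLParser):
    """Collect <script src> and <a href> values from one HTML document."""
    def __init__(self):
        super().__init__()
        self.scripts, self.links = set(), set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.add(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self.links.add(attrs["href"])

def _refs(html):
    parser = _Refs()
    parser.feed(html)
    parser.close()
    return parser

def _host(url):
    return (urlparse(url).hostname or "").lower()  # "" for relative URLs

def external_script_hosts(html, site_host):
    """Hosts of scripts loaded from anywhere other than the site itself."""
    return sorted({_host(s) for s in _refs(html).scripts} - {"", site_host})

def cloaked_links(browser_html, crawler_html):
    """Links present in the copy served to a crawler but not in the browser copy."""
    return sorted(_refs(crawler_html).links - _refs(browser_html).links)

def htaccess_offsite_targets(text, site_host):
    """Absolute URLs on redirect/rewrite lines that point off the site."""
    hits = []
    for line in text.splitlines():
        if re.match(r"\s*(RewriteRule|Redirect\w*)\b", line, re.I):
            hits += [u for u in re.findall(r"https?://[^\s\"'\]]+", line)
                     if _host(u) != site_host]
    return hits

# Constructed sample data, not taken from the thread.
SITE = "blog.example.org"
BROWSER = '<h1>404. Page not found</h1><a href="/">Home</a>'
CRAWLER = (BROWSER + '<script src="//stats.example.net/c.js"></script>'
           '<a href="http://shop.example.com/deal">deal</a>')
HTACCESS = "RewriteEngine On\nRewriteRule ^ http://landing.example.net/ [R=302,L]\n"
```

Any host or URL these functions return that the owner does not recognise is a place to look in the files on disk, including .htaccess files outside the main web root.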



